<?php

/**
 *	public file receiver
 */
  
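// Import query-string parameters as escaped variables (legacy register_globals-style behaviour).
// Restricted so that a request cannot replace state that already exists in this scope:
//  - names must be plain identifiers starting with a letter, which excludes $_SESSION, $_GET, $_SERVER, ...
//  - a variable that is already set (for example $DB, or configuration prepared by the including script)
//    is never overwritten by request data
//  - array values (?x[]=...) are skipped, because mysql_real_escape_string() only accepts strings
// NOTE(review): mysql_real_escape_string() only makes a value safe inside a quoted SQL string literal.
// It does not make a value safe for unquoted SQL, file paths or HTML; those uses need their own checks.
foreach( $_GET as $key => $value ) {
	if( !is_string( $value ) || !preg_match( '/^[A-Za-z][A-Za-z0-9_]*\z/', (string) $key ) || isset( $$key )) {
		continue;
	}
	$$key = mysql_real_escape_string( $value );
}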

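// Upload handler. Expects up, auth, objid, objtype, fileType and name in the query string and the file
// bytes in the request body (base64-encoded when the `base64` parameter is present). Answers with JSON
// and always terminates the request.
if( !empty( $up )) {

	// Last segment of the client-declared MIME type ("image/png" -> "png"). It is supplied by the client
	// and is not evidence of what the body actually contains.
	$type_parts		= explode( '/', isset( $fileType ) ? $fileType : '' );
	$active_ext 	= end( $type_parts );

	// Text after the last dot of the client-supplied file name; it becomes the stored file's extension.
	$name_parts		= explode( '.', isset( $name ) ? $name : '' );
	$original_ext 	= end( $name_parts );

	// The file is stored as "<id>.<ext>" below a web-served directory, so the extension must be a plain
	// alphanumeric token (no path separators or traversal) and must not be one that web servers commonly
	// hand to an interpreter.
	// NOTE(review): the deny-list is a stop-gap. Replace it with an explicit allow-list of the extensions
	// this endpoint is meant to accept, and make sure the upload directory never executes scripts.
	$ext_ok 		= preg_match( '/^[A-Za-z0-9]+\z/', $original_ext )
					&& !preg_match( '/^(php[0-9]?|phtml|pht|phps|phar|cgi|pl|py|sh|asp|aspx|jsp|shtml)\z/i', $original_ext );

	// $folder is concatenated into the target path; refuse anything that could climb out of /www/DB/.
	$folder 		= isset( $folder ) ? (string) $folder : '';
	$folder_ok 		= strpos( $folder, '..' ) === false;

	// objid is placed into the SQL statement without quotes, so it has to be purely numeric.
	$objid_ok 		= isset( $objid ) && preg_match( '/^[0-9]+\z/', (string) $objid );

	// Declared type must appear in the configured list (case-insensitive substring match, as before).
	$type_ok 		= $active_ext !== '' && isset( $filetypes ) && is_string( $filetypes )
					&& stristr( $filetypes, $active_ext ) !== false;

	//checks
	if( !empty( $auth ) && !empty( $objid ) && !empty( $objtype ) && $objid_ok && $ext_ok && $folder_ok && $type_ok ) {

		// db insert
		// NOTE(review): the acting user id is copied straight from the `auth` query parameter, so the caller
		// chooses which user the upload is attributed to. It should come from an authenticated session or a
		// verified token instead.
		$_SESSION['uid'] = (int) $_GET['auth'];
		$noob 	= $DB->set( 'social.img', array( 'llog' => date( 'Y-m-d H:i:s' ), 'active' => 1, 'creator' => $_SESSION['uid'], 'meta' => array( 'raw' => isset( $name ) ? $name : null, 'source' => 'upload' )));
		// Every value concatenated here is either cast to int or produced by $DB->type().
		// NOTE(review): presumably $DB->type() returns a numeric id or a quoted literal -- confirm.
		$DB->query( "insert into glue_social ( `parenttype`, `parentid`, `objtype`, `objid`, `rank`, `user`) values 
										(" . $DB->type( $objtype ) . ", " . (int) $objid . ", " . $DB->type( 'social.img' ) . ", " . (int) $noob . ", 5, " . $_SESSION['uid'] . " )", 0 );	

		// prepare and write file
		$upload_folder = ROOT . ACCOUNT ."/www/DB/" . $folder . "/";
		$content = file_get_contents( 'php://input' );
		if( $content !== false && isset( $_GET['base64'] )) {
			$content = base64_decode( $content );
		}

		// Report a failed read or write instead of claiming success.
		// The rows inserted above are left in place in that case.
		$written = ( $content === false ) ? false : file_put_contents( $upload_folder . $noob . "." . $original_ext, $content );
		if( $written === false ) {
			echo json_encode( array( 'success' => 0, 'msg' => translate( 'Er ging iets mis...' )));
			exit();
		}

		// Optional notification mail. Built and sent only when both parameters are present; previously the
		// send ran unconditionally with an undefined body.
		// NOTE(review): the template id and the recipient id are both chosen by the caller -- confirm that
		// this is intended.
		if( !empty( $_GET[ 'mail' ] ) && !empty( $_GET[ 'mailuser' ] )) {
			$Trip		 = new OBJECT( mysql_real_escape_string( $_GET[ 'objtype' ] ), (int) mysql_real_escape_string( $_GET[ 'objid' ] )); 
			$User		 = new USER( $_SESSION[ 'uid' ] ); 

			// Everything placed into the HTML body is HTML-escaped; SQL escaping is not an HTML defence.
			$trip_url	 = htmlspecialchars( engine_get( 'url' ) . $Trip->uri(), ENT_QUOTES );
			$user_name	 = htmlspecialchars( $User->get( 'fname' ) . ' ' . $User->get( 'lname' ), ENT_QUOTES );
			$image_name	 = htmlspecialchars( isset( $_GET[ 'name' ] ) ? (string) $_GET[ 'name' ] : '', ENT_QUOTES );

			$mail 	 = "<table><tbody>";
			$mail 	.= "<tr><td>Reis</td><td><a href='" . $trip_url ."'>" . $trip_url . "</a></td></tr>";
			$mail 	.= "<tr><td>User</td><td>". $user_name ."</td></tr>";
			$mail 	.= "<tr><td>Image</td><td>". $image_name . "</td></tr>";
			$mail	.= "</tbody></table>";

			$Letter	= new MAIL( "html" );
			$Letter->generate( mysql_real_escape_string( (int) $_GET[ 'mail' ] ), $mail );
			$Letter->send_single(( int ) mysql_real_escape_string( $_GET[ 'mailuser' ] ));
		}

		echo json_encode( array( 'file' => isset( $name ) ? $name : null, 'fileid' => $noob, 'success' => 1, 'msg' => translate( 'Bestand(en) met succes upgeload' )));

	} else {
		
		echo json_encode( array( 'success' => 0, 'msg' => translate( 'Er ging iets mis...' )));
		exit();
	}

	// force quit
	exit();
}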
